I think that most cryptocurrency fans don't consider mainstream financial institutions to be "trusted".
Posts by JohnFen
5648 publicly visible posts • joined 20 Feb 2015
Blockchain is a lot like teen sex: Everybody talks about it, no one has a clue how to do it
Re: Blockchain is a ledger, first and foremost
"Can you name something that you can do on a blockchain that isn't possible on a different storage format?"
I think that's the wrong question. The right question is "what can you accomplish with a blockchain that can't already be accomplished at least as well with other methods?" If blockchain did nothing new, but did the old stuff in a much better way, that would still make it very valuable.
Be wary of emails with links to ... er, Google Drive? Is that right?
Standard practice
The standard advice of never opening attachments that you weren't expecting applies just as much to any files stored in the cloud. After all, the only difference between the two is where the file is stored. This is not new -- it should have been part of everyone's regular security spiel from day 1.
Personality quiz for all you IT bods: Are you a chameleon or an outlaw? A diplomat or a high flier? Vote right here
Re: Recruitment consultants.
"I am the only one who thinks that they are pimps?"
You're not the only one. They really are pimps. But by the same token, we're all prostitutes anyway (we rent the use of our bodies to others for money). I hear that in some circumstances, a prostitute can truly benefit from having a good pimp.
Re: Occam's belt sander says-
"and write them on their whiteboards so other people will know how to deal with them."
I've never experienced this in any place that I've worked, but if I did I would be sorely tempted to select my four letters based on how that would make people treat me, rather than based on a stupid test.
"You'll be stuck with 2% annual increases otherwise. But if you change jobs (companies) every 2-3 years you'll get a 10-15% bump each time."
I've been in the industry for about 30 years now, and this has been my experience. The only times I've seen significant salary increases are when I've changed jobs (I have a habit of asking for 20% more than I was paid in my previous job, and on average get a bit more than 10% over).
Re: What does that make me?
Lawsuits for what?
In the US, anyway, you are allowed to discriminate against applicants for any reason that isn't in the short list of protected classes (age, sex, religion, etc.) "Lack of personality" would be a legally acceptable reason to not hire someone, as would "I don't like you".
UK is 'not a surveillance state' insists minister defending police face recog tech
It's May 2. Know what that means? Yep, it's the PR orgy that is World Password Day... again
Re: Can a grownup, please...?
"In fact, I'd say the "CorrectHorseBatteryStaple" cartoon is a rare example of XKCD getting it badly wrong."
I agree. If your passphrase consists of dictionary words strung together, it really does make dictionary attacks easier even when you use multiple words.
But my main problem with the XKCD method is that it's incompatible with my brain. It's much harder for me to remember phrases like "CorrectHorseBatteryStaple" than it is to remember a random character string. So I'm sticking with random character strings.
Cali Right-to-Repair law dropped, cracks screen, has to be taken to authorized repair shop
We dunno what's worse: Hackers ransacked Citrix for FIVE months, or that Equifax was picked to help mop up the mess
NordVPN rapped by ad watchdog over insecure public Wi-Fi claims
Re: In all fairness
Yes. That was why I said WPA3 may or may not make this better. Also, even if WPA3 ends up having no obvious weaknesses on release, the day will inevitably come when it is compromised as well.
The essential problem with WiFi is the very thing that makes WiFi convenient: it involves broadcasting over radio, eliminating (or drastically reducing) the need to gain physical access to a place in order to attack it.
Re: In all fairness
"unless you eliminate all of them, or at least all of them you consider practical given your threat assessment, you're just deceiving yourself."
The first law of security is "if it can be accessed legally, it can be accessed illegally". If you are ever considering yourself "secure" in an absolute sense, you're deceiving yourself, period.
That doesn't mean that it's pointless to engage in any security that isn't 100% comprehensive. All steps taken are of value. The more comprehensive your defenses are, the better, of course -- but I don't think it's a good idea to imply that even a meager defense isn't worth doing.
WiFi is one of the weakest links in a network, because there are relatively low-skill attacks readily available for it. As such, it seems worth at least securing that better even if you don't do anything else.
Viruses are only one of a whole range of security threats. When I think WiFi (whether open or not), the first threat that comes to mind isn't viruses -- it's a MITM attack that allows others who are in the broadcast range of the hotspot to insert themselves into my datastream. Even a properly set up WiFi AP does not provide good enough protection against this sort of thing.
What really opened my eyes about this is when I did pentesting of my own network. I had a properly set up and encrypted WiFi AP, and was still able to MITM any device connected to it without having to know the WPA2 credentials.
That's when I started using a VPN with all WiFi APs.
Re: Train WiFi was actually that bad for a while
Security questions are notoriously poor security, as they are always things that are easy and reliable for people to remember -- thus are things that can be discovered by others with a modicum of research.
For years, I've been recommending to people that if they have to set answers to security questions, don't actually answer the question asked. Use the question as code for something unrelated. "What's your favorite color?", for instance, can be reinterpreted and answered as "What is every character of your home address" or something.
Re: In all fairness
"It's only as private as the next network connection, though."
True (assuming by "next network connection" you mean the next one after the end of the VPN). But I was talking specifically about making WiFi connections secure in the face of the inadequacy of WPA2. A VPN (even a commercial one) does that very well. I was not addressing wider network security issues.
Re: In all fairness
"This is useful if you want to obscure the origin of your traffic but has no bearing on the privacy of its contents."
Except that the traffic flowing through the VPN is encrypted, so it has a great deal of bearing on the privacy of the data flow. And when you use one, as I do, that you run yourself, then you know that your VPN provider is trustworthy because your VPN provider is yourself.
In all fairness
WiFi actually is inherently insecure -- it is not a huge problem to break WPA2. WPA3 may (or may not) fix this, but until that's ubiquitous it's best to treat all WiFi connections as if they were in the clear. I do not use WiFi anywhere (including in my own home) without using a VPN. (I use my own VPN server for this, not a commercial one).
Cool story, brew: Utah karaoke crooners receive cold, refreshing shock as alcohol authority refuses beer licence
Re: me no understand
"There was an era where drunks hassling church-goers was a thing. Putting space between the two was a sensible restriction."
That may be the historical reason, but it's hard to believe that's the reason why it continues to be enforced today. There are lots of places in the US where there is no such restriction, and I haven't heard about any serious problem with drunks hassling church-goers in those areas.
Microsoft promises to boil down its lengthy and confusing privacy controls… in 1,500-word announcement
"I suspect they themselves do not even know where all the data collecting is triggered, so they cannot say if they are able to remove or alter it."
If that's true, then I've been giving Microsoft far too much credit. They've always appeared to me to be technically competent, with the objectionable engineering problems resulting from bad management rather than technical incompetence. But the picture you posit is one of a high degree of technical incompetence.
Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone
Re: Telnet IS a backdoor
"inetd is, and has always been a server on UNIX and UNIX-ish systems."
What I meant was that it isn't providing any direct internet services. It is managing other internet services.
I already corrected my busybox error.
"The xinetd daemon handles all the service requests, including telnet, rlogin, etc."
But it doesn't actually service those requests itself. It starts the appropriate server and has that actually handle the request. In the case of telnet, it starts the telnet server -- in.telnetd -- and then the telnet server actually deals with the telnet operation.
Re: Telnet IS a backdoor
"By the way, there is no such thing as a Telnet Server. There never was.
It's either the ancient inetd, which I have not seen since around 1998, or its more recent incarnation named xinetd, which is supposed to be slightly less insecure."
inetd and xinetd are used to fire up servers on-demand. Neither of those are actually proper servers in and of themselves. There is such a thing as a telnet server in both BSD and Linux. It's called telnetd. It isn't installed by default anymore, and it's very much not recommended for use, but it does exist.
In Linux these days, I think the telnet server tends to be provided by busybox instead of by an always-on daemon.
Re: On the one hand
I didn't miss that part. But I suspect we differ about what a backdoor is. In my book, a backdoor is an unadvertised method of gaining access to a system remotely. Whether or not the credentials are hardcoded doesn't matter.
I may be misunderstanding what they're doing here, but my understanding is that the telnet interface is not remotely accessible by default. I'm also willing to bet it's not undocumented.
Re: Why would Telnet be required...
"At least someone wishing to get into the equipment would have to be onsite."
As I understand their implementation, you have to be onsite to use the telnet connection. It is not exposed to the wider network. Most, if not all, of the consumer routers I've used have had the same thing going on.
On the one hand
On the one hand, nobody should be using a telnet server outside of certain special circumstances. It's too insecure and there are better options.
On the other hand, the use of telnet for this sort of thing is very common and can't, all by itself, be called a "back door" with a straight face.
Ok Google, please ignore this free tax filing code so we can keep on screwing America
Re: I'm assuming that the USA is where the game is rigged.
"So, instead of a logical system based on income and family size we have deductions."
But nobody has to play that game. You can (mostly) just take the standard deduction and be done with it. That's what I prefer to do. Sure, I end up paying more than I'm technically obligated to, but I get repaid in terms of much less hassle and aggravation.
Re: I'm assuming that the USA is where the game is rigged.
Only if you're looking at income taxes in isolation. Taken as a whole, the difference between the two isn't so huge. And if you factor in the other differences, such as things that aren't technically taxes in the US but are mandatory anyway, that difference becomes even smaller.
"We are also encouraged that during this tax season our TurboTax Free File Program donated nearly 1.2 million tax returns free of charge to taxpayers."
My, how generous of them! Despite having a sweetheart deal that ensures that they can soak people, they still make a token effort toward doing what they've promised in return. Truly magnanimous.
Say hi to pay-as-you-go on-prem IT: Dell, VMware tout private cloud-as-a-service, or rentable tech as everyone would call it
There's NordVPN odd about this, right? Infosec types concerned over strange app traffic